Non-Confidential Copyright © 2006 CyberRAVE LLC. All Rights Reserved. CyberRAVE January 24, 2006 Strategic Approach to Developing Corporate Data Insurance.


CyberRAVE
January 24, 2006
Strategic Approach to Developing Corporate Data Insurance Coverage
By Joseph A. Sprute, President CyberRAVE™ LLC

Business Intent
- Programmatically Couple Enterprise Risk Management with Computer Assisted Audit Technology.
- Provide Network Data Compliance and Insurability for “Certified” environments.
- Underwrite and sponsor new lines of insurance products for corporate customers.
- Foster a business culture that mitigates network data threats and vulnerabilities.

Business Case
- Companies need additional risk coverage for network data systems.
- “Certified” products & services establish a framework for optimized business performance.
- Companies will benefit using compliant systems that have key insurable components.
- The baseline for defining risk associated with Network Data is raw data.

Operational Goals
I. Actuarial Components
II. Risk Metrics
III. Application Environment
IV. Module Integration
V. Systems Integration
VI. Certification Programs

I. Actuarial Components
- Risk Classification
- Unknown Risk
- Threats & Vulnerabilities Assessment
- Risk Controls
- Price Variables
- Price Drivers

Risk Classification
- Assets
- Threats
- Vulnerabilities
- Strategic Priorities
- Strategic Goals
- Manifest Risks

Unknown Risk
- Bayesian Analysis
  – Expresses uncertainty about unknown parameters probabilistically
- A logical, quantitative framework that supports the iterative process of integrating and accumulating information and knowledge in order to further a scientific, technologic or policy interest
- Supports inverse probability (Posterior Distribution)
- Handles prior probabilities
- Supports complex statistical problems with relative ease
- Knowledge structure works with multi-discipline practitioners
- Casts statistical problems in the framework of decision making
- Entails formulating subjective prior probabilities to express pre-existing information
- Has careful modeling of the data structure
- Checking and allowing for uncertainty in model assumptions
- Formulating a set of possible decisions and a utility function to express how the value of each alternative decision is affected by the unknown model parameters
- Components can be omitted (e.g. no prior information, decision-theoretic framework etc)

Threats & Vulnerabilities Assessment
- Universal
- Known
- Unknown
- Past
- Present
- Future

Risk Controls
- Threat & Vulnerability Assessment
- Risk Minimization
- Environmental Monitoring
- Measurements & Modeling
- Active Mitigation
- True Remediation

Price Variables
Risk, Cost, Benefit Variable Risk Table Translations Data Analytics Insurance Underwriting Criteria Asset Coverage

Price Drivers
- Advantages over competition
- Customer perception of value
- Product fit compared to nearest competition
- Expected term of competitive advantage
- Expected Product lifecycle
- Estimated total potential market (defined without price controls)
- Percentage of market share sought
- ROI expectations
- Branding resources (advertising etc)
- Impact on new sales and lifecycle of existing products

II. Risk Metrics
- Asset Profile
- Asset Valuation
- Variable Risk Factors
- Risk Calculations
- Decision Support
- Risk Minimization

Asset Profile
- Type
- Class
- Value
- Threats
- Vulnerabilities
- Uses

Asset Valuation
Origination & Handling Prior Conditions (History) Storage & Management Accounting Controls Applicable Uses Risk of Abuses

Variable Risk Factors
Threats, Vulnerabilities & Incidents
1. Network Data Level: Assessment, Access, Authorization, Authentication, Accounting, Auditing
2. Physical Level: People, Data, Systems, Network, Processes, Facilities
3. Logical Level: Social, Economic, Political, Legal, Technical, Administrative
4. Semantic Level: Ontology, Syntax, Context, Constructors, Properties, Operators
5. Reporting Level: Who, What, Where, When, Why, How
6. Actuarial Level: Universal, Known, Unknown, Past, Present, Future

Risk Calculations
Data Value Risk Categorization Bayesian Analysis (Unknown Variables) Damage Cost Risk Conversion Risk Management

Decision Support
Risk Premium Matrix Real-Time Compliance Monitor Risk Modeling Tools Business Rules Framework Service Control Panel User Interface

Risk Minimization
Physical Security Logical Security Standards & Best Practices Business Process Management Reporting Auditing

III. Application Environment
- Systems & Platforms
- Actuarial Reporting
- Regulation Compliance
- Account Management
- Customer Use

Systems & Platforms
Common off the Shelf Process Management Risk Management Measurement & Analytics Reporting, Forensics & Auditing Computational Grid

Actuarial Reporting
- Assessment
- Access
- Authentication
- Authorization
- Accounting
- Auditing

Account Management
Data Profile Metadata Storage & Management Environmental Controls Risk Factors Certification Auditing

Customer Use
Business Performance & Optimization Standards, Best Practices, & Compliance Asset Protection Risk Management Data Management

IV. Module Integration
- Beneficial Uses
- Change Management
- Application Environment
- Administrative Support
- Training
- Sales

Beneficial Uses
- Risk Coverage
  – Best Practice
  – Compliance
  – Disaster Recovery
  – Asset Reimbursement
- Business Process Efficiency
  – Accounting
  – Monitoring
  – Reporting
  – Optimizing

Change Management
Communication Process Alignment Roles & Rules (Policy Development) Systems Integration Monitoring & Testing Reconfiguration

Application Environment
Module Description Application Overview Platforms Programming Languages Application Programming Interface Standards & Best Practices

Administrative Support
Legal & Regulatory R&D Business Systems Facilities & Hosting Personnel Roles & Rules

Training
Marketing Communications Sales Prospects Customers Partners Employees

Sales
- New & Existing Accounts
  – Accounting Services
  – Actuary Services
  – Business Services
  – Consulting Services
  – Insurance Services

V. Systems Integration
- Business & Technology
- Sales & Marketing
- Legal & Administrative

Business & Technology
Objectives Declaration Resource Consolidation Risk Tolerance Calibration Compliance Tools Documentation Systems Certification

Regulation Compliance
- National & International
  – BFSI
  – Healthcare
  – Telecom
  – Utilities

Sales & Marketing
- Professional Services (Regulated Industries)
  – Financial Services
  – Health Services
  – Telecommunications
  – Transportation
  – Utilities
  – Etc

Legal & Administrative
Jurisdiction Policy Coverage Certification Monitoring & Reporting Auditing

VI. Certification Programs
- Coverages
  – Employees & Processes
  – Data & Information
  – Legal & Jurisdiction

Coverages
- Transaction
- Disaster
- Employee
- Legal
- Privacy
- Regulatory

Assess
Asset Profile User Environment Actuarial Components Risk Metrics Compliance Standards Goals & Expectations

Account
Asset Inventory Liability Assessment Controls Reporting & Transparency Certification

Harden
Data Networks (Public/Private) Communication Methods & Systems Information Management Systems User Environments Users & Groups Compliance

Manage
“Hardened” Elements Change Expectations ROI TCO

Audit
- People
- Processes
- Technology

Notes

Risk Conversion
Data Context Storage & Handling Asset Valuation Threats & Vulnerabilities Mitigation Risk Management Insurability